diff options
Diffstat (limited to 'chrome/browser/net/cert_logger.proto')
| -rw-r--r-- | chrome/browser/net/cert_logger.proto | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/chrome/browser/net/cert_logger.proto b/chrome/browser/net/cert_logger.proto new file mode 100644 index 0000000..e09ed2a --- /dev/null +++ b/chrome/browser/net/cert_logger.proto @@ -0,0 +1,49 @@ +// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. +// +// This protobuffer is intended to store reports from Chrome users of +// certificate pinning errors. A report will be sent from Chrome when it gets +// e.g. a certificate for google.com that chains up to a root CA not expected by +// Chrome for that origin, such as DigiNotar (compromised in July 2011), or +// other pinning errors such as a blacklisted cert in the chain. The +// report from the user will include the hostname being accessed, +// the full certificate chain (in PEM format), and the +// timestamp of when the client tried to access the site. A response is +// generated by the frontend and logged, including validation and error checking +// done on the client's input data. + + +syntax = "proto2"; + +package chrome_browser_net; + +// Chrome requires this. +option optimize_for = LITE_RUNTIME; + +// Protocol types +message CertLoggerRequest { + // The hostname being accessed (required as the cert could be valid for + // multiple hosts, e.g. a wildcard or a SubjectAltName. + required string hostname = 1; + // The certificate chain as a series of PEM-encoded certificates, including + // intermediates but not necessarily the root. + required string cert_chain = 2; + // The time (in usec since the epoch) when the client attempted to access the + // site generating the pinning error. + required int64 time_usec = 3; +}; + +// The response sent back to the user. +message CertLoggerResponse { + enum ResponseCode { + OK = 1; + MALFORMED_CERT_DATA = 2; + HOST_CERT_DONT_MATCH = 3; + ROOT_NOT_RECOGNIZED = 4; + ROOT_NOT_UNEXPECTED = 5; + OTHER_ERROR = 6; + }; + required ResponseCode response = 1; +}; + |